Nagios NSCA Configuration

NSCA daemon configuration is pretty straightforward. The only recommended change is to enable debugging in the nsca.cfg file. Open the file /usr/local/nagios/etc/nsca.cfg, locate the line debug=0 and change it to debug=1.

Then, save the file and restart the NSCA daemon. Once debugging is enabled, useful NSCA status information is sent to syslog.

Nagios Configuration

In order to properly handle ntopng-generated alerts, nagios requires some extra configuration. Before delving into the nagios configuration, it is worth discussing the format of ntopng-generated alerts.

As already introduced, ntopng propagates alerts as NSCA messages. NSCA messages are tab-separated text lines that contain the following information:

Host <tab> Service Description <tab> Service Status <tab> Message

Now that the alert format has been discussed, it is possible to move to the actual nagios configuration.

Nagios command

The first thing to do is to add a nagios command. The command is very simple since all the alert logic resides inside ntopng. Open the nagios commands.cfg file (/usr/local/nagios/etc/objects/commands.cfg) and add the following lines at the bottom:

Nagios Service

The second thing is to define a service template for asynchronous, passive services. This service will be extended by the ntopng host defined in the following section. Open the file templates.cfg (/usr/local/nagios/etc/objects/templates.cfg) and add the following service definition at the bottom:

The host definition part of the configuration file above creates a generic-ntopng host template that may be used for one or more hosts running ntopng. The second host definition, which inherits from generic-host, is the actual ntopng host. Its host_name is set to ntopng-host, and its IP address corresponds to the Mac OS X machine running ntopng. It is important to note down the host_name, as it must also be set inside the ntopng configuration. Please make sure to change the IP address to that of the host running your ntopng instance.

The host group definition part of the configuration file defines a host group for all the ntopng servers. Currently, the ntopng-servers group has only one host, namely ntopng-host, but one may create a larger group with more than one ntopng monitoring host.

The third part, the service definition, defines a service inheriting from the passive_service created in the section above. This service has a service_description equal to NtopngAlert and is associated with the host ntopng-host. Keep the service_description string NtopngAlert in mind, as it must also be set in ntopng.

In order to tell nagios to read and use the ntopnghost.cfg file, it may be necessary to add the following line to the main nagios configuration file (/usr/local/nagios/etc/nagios.cfg):

Nagios restart

Nagios configuration is done. To make sure there are no syntax errors in the edited files, we can run the following check:

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

If everything is OK, nagios will output something like:

Total Warnings: 0
Total Errors: 0
Things look okay - No serious problems were detected during the pre-flight check

If no errors and warnings are detected, then it is safe to restart the nagios daemon.

Ntopng Configuration

The host running ntopng must have the send_nsca utility. This utility is bundled and shipped with the sources of NSCA. Alternatively, it can be found in the repositories of the most common distributions.

The host used in this tutorial has the utility installed under /opt/local/sbin:

We will enter this absolute path in the ntopng configuration page. It is also important to take note of the absolute path of the send_nsca configuration file. This is a very basic configuration file and doesn’t need to be edited, but it is required by send_nsca to work properly. On the host used in this tutorial, this file resides in /opt/local/etc/nsca/send_nsca.cfg.

At this point no additional information is needed. Fire up the ntopng web interface and navigate to the Preferences page. There is a whole section dedicated to the nagios alerts.

The following configuration fields are available:

Alerts To Nagios: Toggles nagios alerts on or off.

Nagios NSCA Host: This field must be filled with the IP address of the host running the nagios NSCA daemon. In this tutorial the host is 192.168.1.10.

Nagios NSCA Port: The port on which the NSCA daemon is listening. The daemon used in this tutorial listens on the default port 5667.

Nagios send_nsca executable: The absolute path of the send_nsca executable, which is /opt/local/sbin/send_nsca on the ntopng host used in this tutorial.

Nagios send_nsca configuration: The absolute path of the send_nsca configuration file, which is /opt/local/etc/nsca/send_nsca.cfg on the ntopng host used in this tutorial.

Nagios host_name: The host_name exactly as specified in the nagios host definition for the ntopng host. The host name used in this tutorial is ntopng-host, as it has already been discussed in the nagios configuration section.

Nagios service_description: The service description exactly as specified in the nagios passive service definition for the ntopng host. The service_description used in this tutorial is NtopngAlert, as it has already been discussed in the nagios configuration section above.

At this point everything should be set up properly. Go to the ntopng web interface and arm an alert for a host or for a network. You will see it appear both in the ntopng alerts page and in the nagios web interface.
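To check the NSCA path independently of ntopng, a passive check result can be built by hand in the tab-separated format described earlier and piped to send_nsca. The script below is an added example, not part of the original tutorial or of ntopng; the function names nsca_line and send_test_alert are hypothetical, and the paths, address, host_name and service_description are the ones used in this tutorial.

```shell
#!/bin/sh
# Added example: build and validate one NSCA passive-check line
# (Host <tab> Service Description <tab> Service Status <tab> Message).
# nsca_line and send_test_alert are hypothetical helper names.
TAB=$(printf '\t')
NL='
'

# nsca_line HOST SERVICE STATUS MESSAGE
# Prints one tab-separated line, or returns 1 if a field would break framing.
nsca_line() {
    [ "$#" -eq 4 ] || return 1
    host=$1 service=$2 status=$3 message=$4
    # Nagios service states: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
    case $status in
        0|1|2|3) ;;
        *) return 1 ;;
    esac
    # A tab inside a field shifts the columns and a newline starts a
    # second check result, so such input is rejected, not forwarded.
    for field in "$host" "$service" "$message"; do
        case $field in
            ''|*"$TAB"*|*"$NL"*) return 1 ;;
        esac
    done
    printf '%s\t%s\t%s\t%s\n' "$host" "$service" "$status" "$message"
}

# send_test_alert STATUS MESSAGE
# Sends one result for ntopng-host / NtopngAlert using this tutorial's
# values; adjust the paths and the address for your own hosts.
send_test_alert() {
    line=$(nsca_line "ntopng-host" "NtopngAlert" "$1" "$2") || return 1
    printf '%s\n' "$line" | /opt/local/sbin/send_nsca \
        -H 192.168.1.10 -p 5667 -c /opt/local/etc/nsca/send_nsca.cfg
}

# Constructed sample: show the line that would be sent for a WARNING.
nsca_line "ntopng-host" "NtopngAlert" 1 "constructed test alert"
```

Running send_test_alert 1 "constructed test alert" on the ntopng host should change the state of the NtopngAlert service in the nagios web interface.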

Since we have enabled NSCA debug, every time ntopng propagates an alert to nagios, the file /var/log/syslog of the nagios host should display a bunch of lines similar to the following:
